Sharing of lists via public links (#94)

pkg/routes/api/v1/auth.go

@@ -0,0 +1,67 @@
+//   Vikunja is a todo-list application to facilitate your life.
+//   Copyright 2019 Vikunja and contributors. All rights reserved.
+//
+//   This program is free software: you can redistribute it and/or modify
+//   it under the terms of the GNU General Public License as published by
+//   the Free Software Foundation, either version 3 of the License, or
+//   (at your option) any later version.
+//
+//   This program is distributed in the hope that it will be useful,
+//   but WITHOUT ANY WARRANTY; without even the implied warranty of
+//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//   GNU General Public License for more details.
+//
+//   You should have received a copy of the GNU General Public License
+//   along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package v1
+
+import (
+	"code.vikunja.io/api/pkg/config"
+	"code.vikunja.io/api/pkg/models"
+	"github.com/dgrijalva/jwt-go"
+	"time"
+)
+
+// These are all valid auth types
+const (
+	AuthTypeUnknown int = iota
+	AuthTypeUser
+	AuthTypeLinkShare
+)
+
+// NewUserJWTAuthtoken generates and signes a new jwt token for a user. This is a global function to be able to call it from integration tests.
+func NewUserJWTAuthtoken(user *models.User) (token string, err error) {
+	t := jwt.New(jwt.SigningMethodHS256)
+
+	// Set claims
+	claims := t.Claims.(jwt.MapClaims)
+	claims["type"] = AuthTypeUser
+	claims["id"] = user.ID
+	claims["username"] = user.Username
+	claims["email"] = user.Email
+	claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
+
+	claims["avatar"] = user.AvatarURL
+
+	// Generate encoded token and send it as response.
+	return t.SignedString([]byte(config.ServiceJWTSecret.GetString()))
+}
+
+// NewLinkShareJWTAuthtoken creates a new jwt token from a link share
+func NewLinkShareJWTAuthtoken(share *models.LinkSharing) (token string, err error) {
+	t := jwt.New(jwt.SigningMethodHS256)
+
+	// Set claims
+	claims := t.Claims.(jwt.MapClaims)
+	claims["type"] = AuthTypeLinkShare
+	claims["id"] = share.ID
+	claims["hash"] = share.Hash
+	claims["listID"] = share.ListID
+	claims["right"] = share.Right
+	claims["sharedByID"] = share.SharedByID
+	claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
+
+	// Generate encoded token and send it as response.
+	return t.SignedString([]byte(config.ServiceJWTSecret.GetString()))
+}

pkg/routes/api/v1/info.go

@@ -24,22 +24,24 @@ import (
 )
 
 type vikunjaInfos struct {
-	Version     string `json:"version"`
-	FrontendURL string `json:"frontend_url"`
-	Motd        string `json:"motd"`
+	Version            string `json:"version"`
+	FrontendURL        string `json:"frontend_url"`
+	Motd               string `json:"motd"`
+	LinkSharingEnabled bool   `json:"link_sharing_enabled"`
 }
 
 // Info is the handler to get infos about this vikunja instance
 // @Summary Info
-// @Description Returns the version, frontendurl and motd of Vikunja
+// @Description Returns the version, frontendurl, motd and various settings of Vikunja
 // @tags service
 // @Produce json
 // @Success 200 {object} v1.vikunjaInfos
 // @Router /info [get]
 func Info(c echo.Context) error {
 	return c.JSON(http.StatusOK, vikunjaInfos{
-		Version:     version.Version,
-		FrontendURL: config.ServiceFrontendurl.GetString(),
-		Motd:        config.ServiceMotd.GetString(),
+		Version:            version.Version,
+		FrontendURL:        config.ServiceFrontendurl.GetString(),
+		Motd:               config.ServiceMotd.GetString(),
+		LinkSharingEnabled: config.ServiceEnableLinkSharing.GetBool(),
 	})
 }

pkg/routes/api/v1/link_sharing_auth.go

@@ -0,0 +1,50 @@
+//   Vikunja is a todo-list application to facilitate your life.
+//   Copyright 2019 Vikunja and contributors. All rights reserved.
+//
+//   This program is free software: you can redistribute it and/or modify
+//   it under the terms of the GNU General Public License as published by
+//   the Free Software Foundation, either version 3 of the License, or
+//   (at your option) any later version.
+//
+//   This program is distributed in the hope that it will be useful,
+//   but WITHOUT ANY WARRANTY; without even the implied warranty of
+//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//   GNU General Public License for more details.
+//
+//   You should have received a copy of the GNU General Public License
+//   along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package v1
+
+import (
+	"code.vikunja.io/api/pkg/models"
+	"code.vikunja.io/web/handler"
+	"github.com/labstack/echo/v4"
+	"net/http"
+)
+
+// AuthenticateLinkShare gives a jwt auth token for valid share hashes
+// @Summary Get an auth token for a share
+// @Description Get a jwt auth token for a shared list from a share hash.
+// @tags sharing
+// @Accept json
+// @Produce json
+// @Param share path string true "The share hash"
+// @Success 200 {object} v1.Token "The valid jwt auth token."
+// @Failure 400 {object} code.vikunja.io/web.HTTPError "Invalid link share object provided."
+// @Failure 500 {object} models.Message "Internal error"
+// @Router /shares/{share}/auth [post]
+func AuthenticateLinkShare(c echo.Context) error {
+	hash := c.Param("share")
+	share, err := models.GetLinkShareByHash(hash)
+	if err != nil {
+		return handler.HandleHTTPError(err, c)
+	}
+
+	t, err := NewLinkShareJWTAuthtoken(share)
+	if err != nil {
+		return handler.HandleHTTPError(err, c)
+	}
+
+	return c.JSON(http.StatusOK, Token{Token: t})
+}

pkg/routes/api/v1/login.go

@@ -17,13 +17,10 @@
 package v1
 
 import (
-	"code.vikunja.io/api/pkg/config"
 	"code.vikunja.io/api/pkg/models"
 	"code.vikunja.io/web/handler"
-	"github.com/dgrijalva/jwt-go"
 	"github.com/labstack/echo/v4"
 	"net/http"
-	"time"
 )
 
 // Token represents an authentification token
@@ -55,27 +52,10 @@ func Login(c echo.Context) error {
 	}
 
 	// Create token
-	t, err := CreateNewJWTTokenForUser(user)
+	t, err := NewUserJWTAuthtoken(user)
 	if err != nil {
 		return err
 	}
 
 	return c.JSON(http.StatusOK, Token{Token: t})
 }
-
-// CreateNewJWTTokenForUser generates and signes a new jwt token for a user. This is a global function to be able to call it from integration tests.
-func CreateNewJWTTokenForUser(user *models.User) (token string, err error) {
-	t := jwt.New(jwt.SigningMethodHS256)
-
-	// Set claims
-	claims := t.Claims.(jwt.MapClaims)
-	claims["username"] = user.Username
-	claims["email"] = user.Email
-	claims["id"] = user.ID
-	claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
-
-	claims["avatar"] = user.AvatarURL
-
-	// Generate encoded token and send it as response.
-	return t.SignedString([]byte(config.ServiceJWTSecret.GetString()))
-}